The concept of protecting health information can be traced back to the fourth century BC and the Oath of Hippocrates, which describes obligations on health providers to maintain confidentialities that cover provider-patient relationships. This obligation to keep health information confidential is supported in the codes of ethics of various professional associations (e.g., the American Medical Association). Another aspect of health information protection is associated with the privacy rights of the patient. As applied to healthcare, such privacy rights include the patient's right to make decisions about how their personal information (e.g., name, address, etc.) and health information (e.g., treatment history, medications, etc.) are shared. Privacy rights with respect to individual healthcare decisions and health information have been outlined in court decisions, in federal and state statutes, accrediting organization guidelines, and professional codes of ethics.
For example, certain privacy provisions of the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) are codified as national standards for health information privacy protection in the United States. A third aspect of health information protection corresponds to responsibilities and rules that govern the security of health information. Such security strives to control access to certain health information or ensure its integrity, so as to preserve the aforementioned confidentiality and/or privacy of the information and maintain its utility.
For many years prior to the computing age, compliance with the foregoing health information protection expectations (e.g., as defined by laws, regulations, rules, guidelines, etc.) might be achieved by merely storing handwritten notes and patient charts in a locked filing cabinet. However, in today's modern computing age, vast amounts of health information are stored electronically in many disparate locations and are frequently accessed by large numbers of participants in the health ecosystem. Such participants might include, for example, patients, physicians, hospitals, pharmacies, and pharmaceutical companies.
Each of these participants recognizes the value and benefit of sharing and/or otherwise collaborating over such health data. Sharing health data among participants helps them make better decisions that can improve medical outcomes or facilitate other aspects of healthcare such as claims processing, enrolling patients in clinical trials, helping patients to pay for medical procedures, and identifying suitable insurance products. As one example, detailed information about a new drug from a pharmaceutical company is often desired by downstream participants (e.g., pharmacies, hospitals, and physicians) to facilitate better decision-making about administration of the drug to patients. As another example, detailed information about patients' reactions to the drug is desired by upstream participants (e.g., physicians, hospitals, pharmacies, and pharmaceutical companies) so as to improve patient outcomes. As yet another example, a life insurance company may wish to offer services to suitable patient cohorts and may build actuarial and risk models based on a plurality of data from multiple sources.
While sharing of certain health data might be desired by any one or more of the various participants in the ecosystem, such sharing is often constrained by the aforementioned health information protection expectations. In the United States, for example, the Security Rule of HIPAA specifically addresses the handling of protected health information (PHI). Specifically, the Security Rule of HIPAA was established to protect a patient's personally identifiable information (PII) while still allowing health ecosystem participants access to PHI and flexibility in adoption of technologies that facilitate the handling of PHI. HIPAA governs some but not all health information—for example, medical information disclosed by a patient to the public (e.g., via a Facebook page) is not PHI, and similarly health information disclosed by a consumer to an insurance provider (e.g., smoking status) is also not PHI, since there is no patient-doctor relationship between those parties. Even where information does not fall under the purview of HIPAA, patients, consumers, insurance companies, banks, and other sources and users of medical information all have strong incentives to be good stewards of sensitive information. Other jurisdictions, such as China, Vietnam, and Singapore, all have their own specific rules and regulations about health data; however, in general, all countries, people, and businesses have an interest in protecting sensitive information.
This situation becomes more complicated when data are transmitted over the Internet. In the face of massive volumes of data that can now be transferred over the Internet, various laws, regulations, guidelines, and other types of governance have been established pertaining to the use of data (e.g., non-PHI, PII, non-PII, etc.) in consideration of an individual's privacy preferences. Although the benefits of sharing data—and the need to comply with information protection expectations—are recognized by the different participants in the health ecosystem, there are tradeoffs between the pursuit of the benefits of sharing data and the need to concurrently comply with information protection expectations and security governance. For example, a physician might be compelled (e.g., by HIPAA) to strictly protect a patient's PII, whereas the actual patient might want to be more liberal or free with respect to sharing PHI that includes some or all of their PII.
Unfortunately, there is no single mechanism that concurrently satisfies the wishes and needs of all participants. Specifically, there are no mechanisms for determining a particular data protection level for a particular participant that not only complies with data protection expectations but also seeks to maximize the benefits derived from the data. Conventional approaches often implement a universal (e.g., “one size fits all”) data protection policy. Such policies fail to “fit” all participants, either with respect to maximizing the value of shared data to a participant or with respect to observance of the protection (e.g., confidentiality, privacy, and/or security) expectations pertaining to the data. For example, a data provider might implement a data protection technique that obfuscates certain PII in accordance with a set of local regulations. However, for some participants (e.g., a data consumer in a different jurisdiction), this approach may be too strict, resulting in little to no useful data that are available to the participants. For other participants, this approach may be too loose, resulting in unacceptable risks for the participants. Moreover, “one size fits all” protection techniques are often implemented in a static codebase that is hard to alter.
Changing conditions (e.g., changing laws, changing regulations, changing guidelines, changing privacy tolerances of one or more of the participants, etc.) present challenges at least as pertains to updating the codebase in response to ongoing occurrences of such changes. As an example, a patient who once wanted strict privacy protection (e.g., when the patient was healthy), may begin to want to share more of their PII in their PHI after being diagnosed with a health condition (e.g., so as to receive the benefits of collaborative care or new drugs). What is needed is a way to dynamically customize (e.g., for a particular participant in the health ecosystem) a balance between the anonymity and/or protection of data and the utility or value of the data.
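A concrete sketch of the participant-specific protection that the preceding paragraphs call for, added here as an illustration and not taken from the patent text: a constructed patient record is released under a universal "one size fits all" policy and under policies keyed on participant role and jurisdiction, with a simple utility score showing how much usable data survives. The field names, roles, jurisdictions, and policy contents are assumptions.

```python
"""Per-participant PII obfuscation with a utility score (added example)."""
import copy

# Constructed sample record: synthetic values, not real patient data.
RECORD = {
    "name": "Jane Example",
    "address": "12 Sample St, Springfield",
    "birth_year": 1971,
    "zip": "62704",
    "diagnosis": "type 2 diabetes",
    "medications": ["metformin"],
}

# A policy names fields to suppress (drop) and fields to generalize (coarsen).
# Keys are (role, jurisdiction) pairs; both are assumed labels for this sketch.
POLICIES = {
    # Universal policy: hides nearly everything, too strict for most consumers.
    "universal": {"suppress": {"name", "address", "zip", "birth_year", "medications"},
                  "generalize": set()},
    # Treating physician with patient consent: full record.
    ("physician", "US"): {"suppress": set(), "generalize": set()},
    # Researcher in another jurisdiction: identifiers removed, quasi-identifiers coarsened.
    ("pharma_research", "SG"): {"suppress": {"name", "address"},
                                "generalize": {"zip", "birth_year"}},
}

def generalize(field, value):
    """Coarsen a quasi-identifier so it stays useful without being exact."""
    if field == "zip":
        return value[:3] + "XX"           # 5-digit ZIP -> 3-digit prefix
    if field == "birth_year":
        return f"{value // 10 * 10}s"     # exact year -> decade
    return value

def apply_policy(record, policy):
    """Return a copy of the record with the policy's suppressions and generalizations applied."""
    out = {}
    for field, value in record.items():
        if field in policy["suppress"]:
            continue
        out[field] = generalize(field, value) if field in policy["generalize"] else copy.deepcopy(value)
    return out

def utility(released, original):
    """Fraction of original fields still present (1.0 = fully usable, 0.0 = nothing left)."""
    return len(released) / len(original)

def release_for(role, jurisdiction, record=RECORD):
    """Pick the participant-specific policy, falling back to the universal one."""
    policy = POLICIES.get((role, jurisdiction), POLICIES["universal"])
    released = apply_policy(record, policy)
    return released, utility(released, record)
```

Swapping the static POLICIES table for one loaded from configuration is what makes the balance adjustable as regulations or a patient's own tolerance change, without touching the obfuscation code.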